[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] home directory permissions

If your users have figured out a way to change perms on /home/* you have a security hole that needs a bigger patch than a cron job. Gotta find the source of the problem and fix it properly.

James P. Kinney III wrote:

Hmm. The default user setup is 700. So unless the students are changing
things something is wrong with the permission controls from Likewise.

chmod 700 /home/*

That will reset the permissions on all directories in /home .
If the problem recurs, make it a cron job as follows:

crontab -e

Now PgDn to the bottom of the file and hit "A" (capital letter A for
Append) and hit the enter to start a new line

now type in:

* 7,11 * * * chmod 700 /home/*

then hit <Esc> then :wq

(yes this is a vi environment - it's good to know at least the basics!)

So now, every day at 7 and 11 am all directories will be reset to perms
700. If you want to do it every 2 hours, change the 7,11 to be */2 . If
you want 3pm only, use 15 instead of 7,11 .

If you don't want an email of everytime it runs make the first line of
the crontab :


But I would look into WHY and HOW the perms were changed in the first
place. Something is amiss!
On Thu, 2008-07-10 at 06:54 -0700, Ernie Hudson wrote:
Does anyone have an easy way to change the permissions on the home
directories so that only the owner has access to it. We have some very
bright students and they have found out that they can copy work from
someone else and have more free time. I am using the 5EL and have
single sign on using likewise open from my windows server using active
directory. I know I can change them one at a time using “chmod 700
filename”. I am not adept at writing scripts and hoping someone can

outlook signature

Statement of Confidentiality: The contents of this e-mail message and
any attachments are intended solely for the addressee. The information
may also be confidential and/or legally privileged. This transmission
is sent for the sole purpose of delivery to the intended recipient. If
you have received this transmission in error, any use, reproduction,
or dissemination of this transmission is strictly prohibited. If you
are not the intended recipient, please immediately notify the sender
by reply e-mail, send a copy to postmaster snowlineschools com and
delete this message and its attachments, if any.

E-mail is covered by the Electronic Communications Privacy Act, 18 USC
SS 2510-2521 and is legally privileged.

This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. _______________________________________________
K12OSN mailing list
K12OSN redhat com
For more info see <http://www.k12os.org>

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]